git.ipfire.org Git - thirdparty/qemu.git/commit
hw/ufs: Fix buffer overflow bug
author    Jeuk Kim <jeuk20.kim@samsung.com>
          Mon, 5 Feb 2024 03:20:15 +0000 (12:20 +0900)
committer Michael Tokarev <mjt@tls.msk.ru>
          Thu, 2 May 2024 10:03:01 +0000 (13:03 +0300)
commit    d5cf8bed29870b6f9f2c26892acdc889033894d9
tree      da97b55aad1b5316e3e91fc33fe0cafe7cb6c78e
parent    5479d911bc8f769a914668f65bf04f30fb64627d
hw/ufs: Fix buffer overflow bug

It fixes the buffer overflow vulnerability in the ufs device.
The bug was detected by sanitizers.

You can reproduce it by:

cat << EOF |\
qemu-system-x86_64 \
-display none -machine accel=qtest -m 512M -M q35 -nodefaults -drive \
file=null-co://,if=none,id=disk0 -device ufs,id=ufs_bus -device \
ufs-lu,drive=disk0,bus=ufs_bus -qtest stdio
outl 0xcf8 0x80000810
outl 0xcfc 0xe0000000
outl 0xcf8 0x80000804
outw 0xcfc 0x06
write 0xe0000058 0x1 0xa7
write 0xa 0x1 0x50
EOF

Resolves: #2299
Fixes: 329f16624499 ("hw/ufs: Support for Query Transfer Requests")
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Jeuk Kim <jeuk20.kim@samsung.com>
(cherry picked from commit f2c8aeb1afefcda92054c448b21fc59cdd99db30)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
hw/ufs/ufs.c